# NixOS module: Matrix Synapse homeserver for berlin.ccc.de and the PostgreSQL
# role/database it connects to.
{ config, ... }:

let
  domain = "berlin.ccc.de";

  # Both Synapse listeners stay on IPv6 loopback; nothing here is reachable
  # from the network without a local reverse proxy in front of it.
  loopback = [ "::1" ];

  # Role and database names are read back from the Synapse settings so the
  # PostgreSQL side cannot drift from what Synapse is told to use.
  dbArgs = config.services.matrix-synapse.settings.database.args;
in
{
  services.matrix-synapse = {
    enable = true;
    enableRegistrationScript = true;

    # Loaded in addition to `settings`, from an agenix-managed path, so the
    # secret does not pass through the world-readable Nix store.
    # NOTE(review): the age.secrets declaration is not on this page; confirm
    # its owner/mode let only the Synapse service user read the file.
    extraConfigFiles = [
      config.age.secrets.matrix-registration-shared-secret.path
    ];

    settings = {
      server_name = domain;
      public_baseurl = "https://matrix.${domain}:443/";

      # Disabled: with this line commented out the signing key is not managed
      # through agenix and the module default path applies.
      # NOTE(review): the signing key is the server's federation identity;
      # check the permissions and backup of the key file at that path.
      #signing_key_path = config.age.secrets.signing_key.path; # "/var/lib/matrix-synapse/homeserver.signing.key"

      # No host or password is set here.
      # NOTE(review): presumably a local-socket connection relying on peer
      # authentication; confirm against the PostgreSQL pg_hba rules.
      database = {
        name = "psycopg2";
        args = {
          user = "matrix-synapse";
          database = "matrix-synapse";
        };
      };

      listeners = [
        # Client and federation API over plain HTTP on loopback. TLS is off
        # and x_forwarded makes Synapse take the client address from the
        # proxy's forwarding header, which is only trustworthy while this
        # port is bound to loopback and fronted by a proxy that sets it.
        {
          type = "http";
          port = 8008;
          bind_addresses = loopback;
          tls = false;
          x_forwarded = true;
          resources = [
            {
              names = [ "client" "federation" ];
              compress = false;
            }
          ];
        }
        # Metrics endpoint, also loopback-only; it exposes operational data
        # and should be scraped locally or through an authenticated proxy.
        {
          type = "metrics";
          port = 9009;
          bind_addresses = loopback;
          resources = [
            {
              names = [ "metrics" ];
              compress = false;
            }
          ];
        }
      ];
      enable_metrics = true;

      # Media limits bound the cost of handling uploads and thumbnailing.
      # NOTE(review): any body-size limit on the reverse proxy has to agree
      # with max_upload_size, otherwise large uploads fail at the proxy.
      dynamic_thumbnails = true;
      max_upload_size = "128M";
      max_image_pixels = "64M";

      # Message retention: the default policy and the range rooms may choose
      # from are both one day to one year.
      retention = {
        enabled = true;
        allowed_lifetime_min = "1d";
        allowed_lifetime_max = "1y";
        default_policy = {
          min_lifetime = "1d";
          max_lifetime = "1y";
        };
      };
    };
  };

  # NOTE(review): services.postgresql.enable is not set on this page;
  # presumably it is enabled elsewhere. Synapse also expects its database to
  # use the C collation, which ensureDatabases does not choose explicitly;
  # confirm the cluster locale.
  services.postgresql = {
    ensureDatabases = [ dbArgs.database ];
    ensureUsers = [
      {
        name = dbArgs.user;
        # Relies on the role and the database sharing one name, as above.
        ensureDBOwnership = true;
      }
    ];
  };
}